Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 37 Configuring Management Access
Configuring AAA for System Administrators
Limiting User CLI and ASDM Access with Management Authorization
If you configure CLI or enable authentication, you can limit a local user, RADIUS, TACACS+, or LDAP
user (if you map LDAP attributes to RADIUS attributes) from accessing the CLI, ASDM, or the enable
command.
Note: Serial access is not included in management authorization, so if you configure the aaa authentication
serial console command, then any user who authenticates can access the console port.
To limit user CLI and ASDM access, perform the following steps:
Detailed Steps

Step 1
Command:
    aaa authorization exec authentication-server
Example:
    hostname(config)# aaa authorization exec authentication-server
Purpose:
    Enables management authorization for local, RADIUS, LDAP
    (mapped), and TACACS+ users. Also enables support of
    administrative user privilege levels from RADIUS, which can be
    used in conjunction with local command privilege levels for
    command authorization. See the “Configuring Local Command
    Authorization” section on page 37-23 for more information. Use
    the aaa authorization exec LOCAL command to enable
    attributes to be taken from the local database.
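
The following configuration audit is an added example, not part of the Cisco guide. It scans a saved running-config for management authentication lines that have no matching aaa authorization exec line, and flags aaa authentication serial console, which the note above says management authorization does not cover. The sample config, the server group name TACACS-EXAMPLE, and the function name are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt (not taken from the guide).
SAMPLE_CONFIG = """\
hostname asa-example
aaa-server TACACS-EXAMPLE protocol tacacs+
aaa authentication ssh console TACACS-EXAMPLE LOCAL
aaa authentication http console TACACS-EXAMPLE LOCAL
aaa authentication enable console TACACS-EXAMPLE LOCAL
aaa authentication serial console LOCAL
"""

AUTHN_RE = re.compile(r"^aaa authentication (ssh|telnet|http|serial|enable) console\s+(.+)$")
AUTHZ_RE = re.compile(r"^aaa authorization exec (authentication-server|LOCAL)\b")


def audit_management_authorization(config_text):
    """Return the parsed AAA management settings and any findings."""
    authn = {}          # access method -> server group / LOCAL list
    authz_mode = None   # 'authentication-server', 'LOCAL', or None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = AUTHN_RE.match(line)
        if m:
            authn[m.group(1)] = m.group(2)
            continue
        m = AUTHZ_RE.match(line)
        if m:
            authz_mode = m.group(1)

    findings = []
    covered = sorted(k for k in authn if k != "serial")
    if covered and authz_mode is None:
        findings.append(
            "no 'aaa authorization exec' line: authenticated users are not "
            "limited for " + ", ".join(covered))
    if "serial" in authn:
        findings.append(
            "'aaa authentication serial console' is set: serial access is not "
            "included in management authorization, so any user who "
            "authenticates can access the console port")
    return {"authn": authn, "authz_mode": authz_mode, "findings": findings}


if __name__ == "__main__":
    for finding in audit_management_authorization(SAMPLE_CONFIG)["findings"]:
        print("FINDING:", finding)
```

The serial finding remains after management authorization is enabled, so console port exposure has to be handled through physical access control and account hygiene rather than through this command.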